KR100871182B1 - Method and system to provide a trusted channel within a computer system for a sim device - Google Patents

Info

Publication number: KR100871182B1
Authority: KR (South Korea)
Prior art keywords: encryption key, data, memory, exchanging, SIM device
Application number: KR1020067009481A
Other languages: Korean (ko)
Other versions: KR20060090262A (en)
Inventor: Sundeep Bajikar
Original Assignee: Intel Corporation
Application filed by: Intel Corporation
Application granted

Classifications

    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • H04W12/086 Access security using security domains
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04W12/06 Authentication
    • H04W88/02 Terminal devices

Abstract

The exchange of data between a SIM device 180 and an application running on a trusted platform 110, 120, 140 is disclosed. The data to be exchanged is protected from unauthorized access. According to one embodiment, the exchange of data includes the exchange of an encryption key via a trusted path within the computer system 100, and the exchange of data encrypted with the encryption key via an untrusted path within the computer system.

Keywords: SIM device, trusted channel, trusted platform, encryption key

Description

METHOD AND SYSTEM TO PROVIDE A TRUSTED CHANNEL WITHIN A COMPUTER SYSTEM FOR A SIM DEVICE

The present invention relates generally to trusted computer platforms, and more particularly to a method and apparatus for providing a trusted channel within a computer system for a SIM device.

Trusted operating systems and platforms are a relatively new concept. In first-generation platforms, trusted environments are created in which applications can run reliably and tamper-free. Security is created through changes in the processor, chipset, and software to produce an environment that other applications cannot see (memory regions are protected) and cannot alter (the code execution flow cannot be changed). As a result, the computer system cannot be arbitrarily and illegitimately accessed by anyone, nor compromised by viruses.

In today's computer age, Subscriber Identity Modules (SIMs), also called smart cards, are becoming more widely used. A SIM is a credit-card-sized card that is typically used in Global System for Mobile communication (GSM) phones to store phone account information and to provide Authentication, Authorization and Accounting (AAA). The SIM card also allows a user to use a borrowed GSM phone as if it were the user's own. The SIM card can also be programmed to display custom menus on the phone's screen. In some cases, the SIM card includes a built-in microprocessor and memory that can be used for identification or financial transactions. When the card is inserted into a reader, exchanging data with the SIM is straightforward.

When a SIM card is used in a computer system, information on the SIM card must be accessed securely, so that unauthorized software applications cannot gain access to the SIM.

One or more embodiments are illustrated by way of example, and not by way of limitation, in the accompanying drawings.

FIG. 1 illustrates a computer system capable of providing a trusted platform to protect selected applications and data from unauthorized access, according to one embodiment.

FIG. 2 is a flow diagram illustrating a process of providing a trusted channel within a computer system for a SIM device, according to one embodiment.

A method and system for providing a trusted channel within a computer system for a SIM device are described. According to one embodiment, data is exchanged between a SIM device and an application running on a trusted platform, and the exchanged data is protected from unauthorized access. According to one embodiment, an encryption key is exchanged via a trusted channel within the computer system. Data encrypted with the encryption key is exchanged via an untrusted channel within the computer system.

In the following detailed description, numerous specific details are set forth. It will be appreciated, however, that embodiments may be practiced without these specific details. In other instances, well-known circuits, structures and techniques are not shown in detail so as not to obscure the understanding of this description.

Reference in this specification to "one embodiment" indicates that a particular feature or structure described in connection with that embodiment is included in at least one embodiment. Thus, occurrences of the phrase "according to one embodiment" in this specification do not necessarily refer to the same embodiment. Furthermore, particular features or structures may be combined in any suitable manner in one or more embodiments. In addition, as described herein, a trusted platform, component, unit, or subunit is interchangeably referred to as being protected or secured.

<Trusted Platform>

FIG. 1 illustrates a computer system capable of providing a trusted platform to protect selected applications and data from unauthorized access, according to one embodiment. The system 100 of the illustrated embodiment includes a processor 110, a chipset 120 connected to the processor 110 via a processor bus 130, a memory 140, and a SIM device 180 for accessing data on a SIM card 182. In other embodiments, additional processors and units may be included.

The processor 110 may have various components, which may include, but are not limited to, an embedded key 116, page table (PT) registers 114, and cache memory 112. All or part of the cache 112 may include, or be convertible to, private memory (PM) 160. Private memory is memory with sufficient protection to prevent access by any unauthorized device (for example, any device other than the associated processor 110) while it is activated as private memory.

The key 116 may be an embedded key to be used for encryption, decryption, and/or validation of various blocks of data and/or code. Alternatively, the key 116 may be provided on another unit within the system 100. The PT registers 114 may be a table in the form of registers that identifies which memory pages are to be accessible only by trusted code and which memory pages are not to be so protected.

According to one embodiment, the memory 140 may include system memory for the system 100 and, according to one embodiment, may be implemented as volatile memory commonly referred to as random access memory (RAM). According to one embodiment, the memory 140 may contain a protected memory table 142, which defines which memory blocks in the memory 140 (a memory block being a range of contiguously addressable memory locations) are to be inaccessible to direct memory access (DMA) transfers. Since all accesses to the memory 140 pass through the chipset 120, the chipset 120 may check the protected memory table 142 before allowing any DMA transfer to take place. In a particular operation, the memory blocks protected from DMA transfers by the protected memory table 142 may be the same memory blocks that are restricted to protected processing by the PT registers 144 in the processor 110. Alternatively, the protected memory table 142 may be stored in a memory device of another unit within the system 100.

According to one embodiment, the memory 140 also includes a trusted software (S/W) monitor 144, which can monitor and control the overall trusted operating environment once the trusted operating environment has been established. According to one embodiment, the trusted S/W monitor 144 may be located in memory blocks that are protected from DMA transfers by the protected memory table 142.

The chipset 120 may be a logic circuit that provides an interface between the processor 110, the memory 140, the SIM device 180, and other devices not shown. According to one embodiment, the chipset 120 is implemented as one or more individual integrated circuits; in other embodiments, the chipset 120 may be implemented as part of a larger integrated circuit. The chipset 120 may include a memory controller 122 that controls access to the memory 140. In addition, according to one embodiment, the chipset 120 may have the SIM reader of the SIM device integrated on the chipset 120.

According to one embodiment, the protected registers 126 are writable only by commands that can only be initiated by trusted microcode within the processor 110. Trusted microcode is microcode whose execution can only be initiated by authorized instructions and/or by hardware that cannot be controlled by unauthorized devices. According to one embodiment, the trusted registers 126 hold data that identifies the locations of, and controls access to, the trusted memory table 142 and the trusted S/W monitor 144. According to one embodiment, the trusted registers 126 include a register that enables or disables use of the trusted memory table 142, so that DMA protection can be activated before entering the trusted operating environment and deactivated after leaving it.

<Trusted Channel with SIM Device>

FIG. 2 is a flow diagram illustrating a process of providing a trusted channel within a computer system for a SIM device, according to one embodiment. As described herein, references to a SIM device include other types of related smart cards. The process shown in the flow diagram of FIG. 2 is described with reference to the system of FIG. 1 described above.

According to one embodiment, in process 202, an application 150 running in the trusted environment of the system 100 determines whether information is to be accessed from the SIM device 180 of the system 100. The application 150 running in the trusted environment may be located in protected memory, such as the protected memory 160 of the cache 112 or a protected section of the memory 140. According to one embodiment, the SIM device 180 includes a mechanism for verifying that the access comes from an application in a trusted environment running on the platform to which the SIM device is physically attached, rather than from an application running at some remote location.

In process 204, the application and the SIM device perform mutual authentication to determine whether it is appropriate for the application to receive data from the SIM device, or for the SIM device to send data to the application. Mutual authentication may be performed through a variety of processes known in the art.

According to one embodiment, after mutual authentication is complete, in process 206 the application 150 transmits an encryption key to a protected section of the memory 140 via a trusted channel with the memory device, and transmits the corresponding PT entries held in the CPU. According to one embodiment, the protected section of memory that stores the encryption key can be identified through the protected memory table 142.

The encryption key provided by the application 150 to the protected section of the memory 140 is generated by the application 150 and can be applied to any one of several available encryption processes, such as the Data Encryption Standard (DES) or the Advanced Encryption Standard (AES). According to one embodiment, the encryption key is generated through use of the key 116 of the processor 110.

In process 208, the SIM device 180 accesses the encryption key from the protected section of the memory 140. According to one embodiment, the SIM device accesses the encryption key via a trusted port 112 of the chipset 120, which is mapped to the protected section of the memory 140. According to one embodiment, the trusted port may support a variety of platform bus protocols, including USB. According to an alternative embodiment, the encryption key is provided by the SIM device, and the application accesses the encryption key from the SIM device via the trusted port of the chipset.

In process 210, the SIM device 180 uses the encryption key to encrypt the data to be sent to the application 150. In process 212, the encrypted packets are transferred from the SIM device 180 by a host controller 128 of the chipset, for example a USB host controller, to a regular area of memory, that is, the unprotected section of memory 148. This is, for example, an area of memory used to store data packets such as USB data packets.

According to one embodiment, the encrypted packets are transferred to memory by the host controller via a regular port 120 of the chipset, that is, an unprotected port, which is mapped to the unprotected section of memory 148. According to one embodiment, the encrypted packets from the SIM device include a Message Authentication Code (MAC) to provide a level of integrity protection.

In process 214, a driver (for example, an unprotected USB driver) accesses the encrypted packets from the unprotected section of memory 148 and provides the encrypted packets to the application 150 running in the trusted environment. In process 216, the application 150 decrypts the encrypted packets to access the data from the SIM device, which has thereby been transferred securely to the application over an untrusted path within the system 100.

According to one embodiment, new encryption keys may be exchanged based on predefined events. For example, a new encryption key may be exchanged based on one or a combination of the following: each new transaction (as defined by implementation choice), the passage of a predefined period of time, or the exchange of a predefined amount of data.

According to yet another embodiment, multiple encryption keys are exchanged between the application 150 and the SIM device 180, to be used for the encrypted exchange of data between the SIM device 180 and the application 150. For example, a SIM device may include multiple data pipes, such as bulk-in, bulk-out, and default control pipes. For each data pipe of the SIM device, a separate encryption key may be used to protect the data exchange. Alternatively, the separate data pipes may all use the same encryption key.
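The exchange in processes 206 to 216, together with the MAC, the per-pipe keys and the rekey triggers described above, sketched as an added Python example (not code from the patent). Assumptions: `ProtectedKeyStore` stands in for the protected section of memory, an HMAC-SHA256 keystream stands in for the DES or AES cipher the description names, and the sequence number and pipe name under the MAC, the byte and age limits, and the sample record are constructed for illustration.

```python
# Added illustration, not code from the patent. Python standard library only.
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 12, 32
SAMPLE = b"IMSI 001010123456789 (constructed)"  # constructed sample record, 34 bytes


def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode); the description names DES or AES.
    blocks = (_prf(enc_key, nonce + i.to_bytes(4, "big")) for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def _tag(key: bytes, pipe: str, seq: int, body: bytes) -> bytes:
    # Assumption: the MAC also covers the pipe name and a per-key sequence number.
    name = pipe.encode()
    header = bytes([len(name)]) + name + seq.to_bytes(8, "big")
    return _prf(_prf(key, b"mac"), header + body)


def seal(key: bytes, pipe: str, seq: int, plaintext: bytes) -> bytes:
    """SIM side, process 210: encrypt, then append a MAC over nonce and ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_prf(key, b"enc"), nonce, len(plaintext))
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, stream))
    return body + _tag(key, pipe, seq, body)


def open_packet(key: bytes, pipe: str, seq: int, packet: bytes) -> bytes:
    """Application side, process 216: check the MAC before touching the ciphertext."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        raise ValueError("packet too short")
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, pipe, seq, body)):
        raise ValueError("MAC check failed")
    nonce, ct = body[:NONCE_LEN], body[NONCE_LEN:]
    stream = _keystream(_prf(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class ProtectedKeyStore:
    """Models the protected section of memory: one key slot per data pipe."""

    def __init__(self, max_bytes: int, max_age_s: float):
        self.max_bytes, self.max_age_s = max_bytes, max_age_s
        self.slots = {}

    def rotate(self, pipe: str, now: float) -> dict:
        # Processes 206/208: the application writes a fresh key and the SIM device
        # reads it through the trusted port. Counters restart with every key.
        gen = self.slots[pipe]["gen"] + 1 if pipe in self.slots else 1
        self.slots[pipe] = {"key": os.urandom(32), "born": now, "bytes": 0,
                            "tx": 0, "rx": 0, "gen": gen}
        return self.slots[pipe]

    def slot_for_send(self, pipe: str, now: float, size: int, new_transaction: bool) -> dict:
        # Rekey triggers from the description: new transaction, elapsed time, data volume.
        slot = self.slots.get(pipe)
        if (slot is None or new_transaction
                or now - slot["born"] >= self.max_age_s
                or slot["bytes"] + size > self.max_bytes):
            slot = self.rotate(pipe, now)
        return slot


def send(store, pipe, data, now, new_transaction=False) -> bytes:
    slot = store.slot_for_send(pipe, now, len(data), new_transaction)
    packet = seal(slot["key"], pipe, slot["tx"], data)
    slot["tx"] += 1
    slot["bytes"] += len(data)
    return packet  # processes 212/214: this travels through unprotected memory


def receive(store, pipe, packet) -> bytes:
    slot = store.slots[pipe]
    data = open_packet(slot["key"], pipe, slot["rx"], packet)
    slot["rx"] += 1  # advance only after a packet has verified
    return data


def _rejected(store, pipe, packet) -> bool:
    try:
        receive(store, pipe, packet)
    except ValueError:
        return True
    return False


def demo() -> dict:
    store = ProtectedKeyStore(max_bytes=64, max_age_s=300.0)
    pipe, gens = "bulk-in", []
    first = send(store, pipe, SAMPLE, now=0.0)
    gens.append(store.slots[pipe]["gen"])
    flipped = bytearray(first)
    flipped[NONCE_LEN] ^= 0x01  # one bit changed while in the unprotected buffer
    out = {"hidden": SAMPLE not in first,
           "tampered_rejected": _rejected(store, pipe, bytes(flipped)),
           "plaintext": receive(store, pipe, first),
           "replay_rejected": _rejected(store, pipe, first)}
    for data, now, txn in ((SAMPLE, 1.0, False), (b"x", 400.0, False), (b"y", 401.0, True)):
        assert receive(store, pipe, send(store, pipe, data, now, txn)) == data
        gens.append(store.slots[pipe]["gen"])
    out["generations"] = gens  # volume, age, then new-transaction rekeys
    return out
```
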

According to another embodiment, data packets may be sent from the SIM device to the application without the use of encryption. For example, the host controller 128 transfers data from the SIM device to the protected section of the memory 140 via the trusted port 112 of the chipset 120. A trusted driver then accesses the data from the protected section of the memory 140 and provides the data to the application 150 via a trusted path, without the SIM data being encrypted.

The processes described above may be stored in the memory of a computer system as a set of instructions to be executed. The instructions for performing the processes described above may alternatively be stored on other forms of machine-readable media, including magnetic and optical disks. For example, the processes described may be stored on machine-readable media, such as magnetic disks or optical disks, that are accessible via a disk drive (or computer-readable medium drive). Furthermore, the instructions may be downloaded to a computing device over a data network in the form of a compiled and linked version.

Alternatively, the logic to perform the processes described above may be implemented in additional computer and/or machine-readable media, such as discrete hardware components including large-scale integrated circuits (LSIs) and application-specific integrated circuits (ASICs), firmware such as electrically erasable programmable read-only memory (EEPROM), and electrical, optical, acoustical and other forms of propagated signals (for example, carrier waves, infrared signals, digital signals, etc.).

In the foregoing specification, the invention has been described with reference to specific exemplary embodiments. It will be evident, however, that various modifications and changes may be made without departing from the broader spirit and scope of the invention as set forth in the appended claims. In particular, as described herein, a SIM device includes smart card devices, including USB Chip/Smart Card Interface Devices (CCID). In addition, as described herein, the architecture of the system is independent of any particular key exchange protocol that is used. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.

Claims (24)

신뢰 플랫폼(trusted platform)에서 실행되는 애플리케이션과 SIM 장치 사이에서, 컴퓨터 시스템 내에서 신뢰 경로(trusted path)를 통하여 데이터를 교환하는 단계를 포함하고,Exchanging data via a trusted path within a computer system between an SIM device and an application running on a trusted platform, 상기 신뢰 경로는 칩셋의 신뢰 포트(trusted port)를 통하는 경로이며, 교환되는 상기 데이터는 권한이 없는 액세스로부터 보호되는 방법.The trusted path is a path through a trusted port of a chipset, and wherein the data exchanged is protected from unauthorized access. 제1항에 있어서,The method of claim 1, 상기 데이터를 교환하는 단계는,Exchanging the data includes: 상기 컴퓨터 시스템 내에서 상기 신뢰 경로를 통하여 암호화 키(encryption key)를 교환하는 단계; 및Exchanging an encryption key through the trust path within the computer system; And 상기 컴퓨터 시스템 내에서 비신뢰 경로(untrusted path)를 통하여 상기 암호화 키로 암호화된 데이터를 교환하는 단계Exchanging data encrypted with the encryption key via an untrusted path within the computer system 를 포함하는 방법.How to include. 제2항에 있어서,The method of claim 2, 상기 암호화 키를 교환하는 단계는,Exchanging the encryption key, 상기 애플리케이션이 상기 컴퓨터 시스템 내에서 메모리의 보호 섹션(protected section)으로 상기 암호화 키를 전송하는 단계; 및The application sending the encryption key to a protected section of memory in the computer system; And SIM 장치가 메모리의 상기 보호 섹션으로부터 상기 암호화 키에 액세스하는 단계SIM device accessing the encryption key from the protected section of memory 를 포함하는 방법.How to include. 제2항에 있어서,The method of claim 2, 상기 암호화 키를 교환하는 단계는 상기 애플리케이션이 상기 SIM 장치로부터 상기 암호화 키에 액세스하는 단계, 상기 애플리케이션이 상기 칩셋의 신뢰 포트(trusted port)를 경유하여 상기 암호화 키에 액세스하는 단계를 포함하는 방법.Exchanging the encryption key comprises the application accessing the encryption key from the SIM device and the application accessing the encryption key via a trusted port of the chipset. 
The method of claim 2, wherein exchanging the encryption key includes exchanging multiple encryption keys, and exchanging the data includes exchanging individual units of data, each unit of data being individually encrypted with an encryption key selected from the multiple encryption keys.

The method of claim 2, wherein exchanging the data includes a host controller transferring data from the SIM device to an unprotected section of memory.

The method of claim 6, wherein exchanging the data includes a driver transferring data from the unprotected section of memory to the application.

The method of claim 7, wherein the host controller is a universal serial bus (USB) host controller and the driver is a USB driver.

The method of claim 6, wherein exchanging the encryption key includes the SIM device reading the encryption key from a protected section of memory via a trusted port of the chipset.

The method of claim 6, further comprising the application decrypting the encrypted data using the encryption key.

The method of claim 7, further comprising the application authenticating the SIM device before exchanging the encryption key.

The method of claim 6, further comprising exchanging a new encryption key based on a predetermined event selected from the group comprising each new transaction, the passage of a predetermined period of time, and the exchange of a predetermined amount of data.

A system comprising:
a processor;
a memory having a protected section and an unprotected section;
a SIM device; and
a chipset including a trusted port for exchanging data between the SIM device and an application running on a trusted platform,
wherein the data exchanged is protected from unauthorized access.

The system of claim 13, wherein the exchange of data includes the exchange of an encryption key over a trusted path within a computer system, and the exchange of data encrypted with the encryption key over an untrusted path within the computer system.

The system of claim 14, wherein the exchange of the encryption key includes the application transmitting the encryption key to the protected section of memory, and the SIM device accessing the encryption key from the protected section of memory.

The system of claim 14, wherein the exchange of the encryption key includes the application accessing the encryption key from the SIM device, the application accessing the encryption key via a trusted port of the chipset.

The system of claim 14, wherein the exchange of the encryption key includes the exchange of multiple encryption keys, and the exchange of data includes the exchange of individual units of data, each unit of data being individually encrypted with an encryption key selected from the multiple encryption keys.

The system of claim 13, further comprising a host controller that transfers data from the SIM device to an unprotected section of memory.

The system of claim 18, further comprising a driver that transfers data from the unprotected section of memory to the application.

The system of claim 19, wherein the host controller is a universal serial bus (USB) host controller and the driver is a USB driver.

The system of claim 14, wherein the SIM device reads the encryption key from the protected section of memory via a trusted port of the chipset.

The system of claim 14, wherein the application decrypts the encrypted data using the encryption key.

The system of claim 17, wherein the application authenticates the SIM device before the exchange of the encryption key.

The system of claim 14, wherein a new encryption key is exchanged based on a predetermined event selected from the group comprising each new transaction, the passage of a predetermined period of time, and the exchange of a predetermined amount of data.
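The claims above separate a trusted path (a key set placed in protected memory and read through the chipset's trusted port) from an untrusted path (encrypted units passing through unprotected memory). The following Python model is an added illustration, not code from the patent: it shows both paths, per-unit key selection from multiple keys, and the three rekey events. The round-robin key choice, the unit header layout, the integrity tag, and the HMAC-based keystream (a standard-library stand-in for a real cipher) are assumptions of this example.

```python
import hashlib
import hmac
import os
import struct
import time

HDR = struct.Struct(">IBQ16s")  # key-set epoch, key index, unit sequence, nonce
TAG_LEN = 32


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a vetted AEAD cipher.
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(enc_key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
    return bytes(out[:n])


def seal_unit(keys, epoch, seq, plaintext):
    """SIM side: encrypt one unit under one key selected from the key set."""
    idx = seq % len(keys)  # assumed selection rule: round robin
    header = HDR.pack(epoch, idx, seq, os.urandom(16))
    nonce = header[-16:]
    ks = _keystream(_subkey(keys[idx], b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(keys[idx], b"mac"), header + ct, hashlib.sha256).digest()
    return header + ct + tag


def open_unit(keys, epoch, blob):
    """Application side: authenticate, then decrypt, one unit from untrusted memory."""
    if len(blob) < HDR.size + TAG_LEN:
        raise ValueError("unit too short")
    header, ct, tag = blob[:HDR.size], blob[HDR.size:-TAG_LEN], blob[-TAG_LEN:]
    unit_epoch, idx, seq, nonce = HDR.unpack(header)
    if unit_epoch != epoch or idx >= len(keys):
        raise ValueError("unit sealed under an unknown key set")
    want = hmac.new(_subkey(keys[idx], b"mac"), header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("unit was modified in unprotected memory")
    ks = _keystream(_subkey(keys[idx], b"enc"), nonce, len(ct))
    return seq, bytes(a ^ b for a, b in zip(ct, ks))


class RekeyPolicy:
    """Rekey on a new transaction, after max_age_s seconds, or after max_bytes of data."""

    def __init__(self, max_age_s, max_bytes):
        self.max_age_s, self.max_bytes = max_age_s, max_bytes
        self.born, self.sent = 0.0, 0

    def start(self, now):
        self.born, self.sent = now, 0

    def due(self, now, new_transaction=False):
        return (new_transaction or now - self.born >= self.max_age_s
                or self.sent >= self.max_bytes)


class TrustedChannel:
    def __init__(self, policy, n_keys=4, clock=time.monotonic):
        self.policy, self.n_keys, self.clock = policy, n_keys, clock
        self.protected = None   # (epoch, keys): protected section, trusted port only
        self.unprotected = []   # sealed units: any software can read or alter these
        self.epoch = self.seq = 0
        self.exchange_keys()

    def exchange_keys(self):
        """Trusted path: application stores a fresh key set, SIM reads it back."""
        self.epoch += 1
        self.protected = (self.epoch, [os.urandom(32) for _ in range(self.n_keys)])
        self.policy.start(self.clock())

    def sim_send(self, data, new_transaction=False):
        """Untrusted path: host controller copies the sealed unit to open memory."""
        if self.policy.due(self.clock(), new_transaction):
            self.exchange_keys()  # units still queued under the old set are rejected
        epoch, keys = self.protected
        self.unprotected.append(seal_unit(keys, epoch, self.seq, data))
        self.seq += 1
        self.policy.sent += len(data)

    def app_receive(self):
        """Driver hands the oldest unit to the application, which opens it."""
        epoch, keys = self.protected
        return open_unit(keys, epoch, self.unprotected.pop(0))[1]


if __name__ == "__main__":
    ch = TrustedChannel(RekeyPolicy(max_age_s=60, max_bytes=4096))
    ch.sim_send(b"constructed SIM record", new_transaction=True)
    print(ch.unprotected[0].hex())  # what software outside the trusted path sees
    print(ch.app_receive())
```

The keys never enter `unprotected`; only sealed units do, so the host controller and driver handle ciphertext exclusively.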
KR1020067009481A 2003-11-17 2004-11-05 Method and system to provide a trusted channel within a computer system for a sim device KR100871182B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/715,970 2003-11-17
US10/715,970 US7636844B2 (en) 2003-11-17 2003-11-17 Method and system to provide a trusted channel within a computer system for a SIM device

Publications (2)

Publication Number Publication Date
KR20060090262A KR20060090262A (en) 2006-08-10
KR100871182B1 KR100871182B1 (en) 2008-12-01

Family

ID=34574323

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020067009481A KR100871182B1 (en) 2003-11-17 2004-11-05 Method and system to provide a trusted channel within a computer system for a sim device

Country Status (6)

Country Link
US (1) US7636844B2 (en)
JP (1) JP4461145B2 (en)
KR (1) KR100871182B1 (en)
CN (1) CN100480946C (en)
TW (1) TWI308836B (en)
WO (1) WO2005050423A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001013198A1 (en) * 1999-08-13 2001-02-22 Hewlett-Packard Company Enforcing restrictions on the use of stored data

Also Published As

Publication number Publication date
JP4461145B2 (en) 2010-05-12
TW200531499A (en) 2005-09-16
US7636844B2 (en) 2009-12-22
TWI308836B (en) 2009-04-11
CN100480946C (en) 2009-04-22
US20050108532A1 (en) 2005-05-19
KR20060090262A (en) 2006-08-10
CN1882896A (en) 2006-12-20
WO2005050423A1 (en) 2005-06-02
JP2007515704A (en) 2007-06-14

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment (Payment date: 20121019; Year of fee payment: 5)
FPAY Annual fee payment (Payment date: 20131101; Year of fee payment: 6)
FPAY Annual fee payment (Payment date: 20141031; Year of fee payment: 7)
FPAY Annual fee payment (Payment date: 20151030; Year of fee payment: 8)
FPAY Annual fee payment (Payment date: 20161028; Year of fee payment: 9)

LAPS Lapse due to unpaid annual fee